Blame - sepolicy/recovery.te - platform_vendor_bliss

blob: e2efee45f9772148388f182cd28268d7f6a7c225 [file] [log] [blame]

Steve Kondik	06ec585	2014-12-01 10:38:25 -0800	[diff] [blame]	1	recovery_only(`
				2
Tom Marshall	39a4244	2014-11-26 13:26:14 -0800	[diff] [blame]	3	# Secure adb (setup_adbd)
				4	allow adbd adb_keys_file:dir search;
Steve Kondik	06ec585	2014-12-01 10:38:25 -0800	[diff] [blame]	5	allow recovery adb_keys_file:dir r_dir_perms;
Tom Marshall	39a4244	2014-11-26 13:26:14 -0800	[diff] [blame]	6	allow recovery adb_keys_file:file r_file_perms;
				7	allow recovery shell_prop:property_service set;
				8
				9	# Recovery dialogs
				10	unix_socket_connect(recovery, vold, vold)
				11	allow recovery tmpfs:sock_file create_file_perms;
Steve Kondik	06ec585	2014-12-01 10:38:25 -0800	[diff] [blame]	12
				13	# Read packages.xml
				14	allow recovery system_data_file:file r_file_perms;
				15
				16	# Manage fstab and /adb_keys
				17	allow recovery rootfs:file create_file_perms;
Steve Kondik	aeec0ac	2015-11-26 02:19:44 -0800	[diff] [blame]	18	allow recovery rootfs:file link;
Matt Mower	2806bc4	2014-12-19 10:45:10 -0600	[diff] [blame]	19	allow recovery rootfs:dir { write create rmdir add_name remove_name };
Steve Kondik	06ec585	2014-12-01 10:38:25 -0800	[diff] [blame]	20
Matt Mower	2806bc4	2014-12-19 10:45:10 -0600	[diff] [blame]	21	# Read storage files and directories
Dan Pasanen	e33cc1d	2014-12-14 10:36:10 -0600	[diff] [blame]	22	allow recovery media_rw_data_file:dir r_dir_perms;
				23	allow recovery media_rw_data_file:file r_file_perms;
Matt Mower	2806bc4	2014-12-19 10:45:10 -0600	[diff] [blame]	24	allow recovery vfat:dir r_dir_perms;
				25	allow recovery vfat:file r_file_perms;
				26	allow recovery sdcard_posix:dir r_dir_perms;
				27	allow recovery sdcard_posix:file r_file_perms;
Dan Pasanen	e33cc1d	2014-12-14 10:36:10 -0600	[diff] [blame]	28
Steve Kondik	06ec585	2014-12-01 10:38:25 -0800	[diff] [blame]	29	# Control properties
				30	allow recovery recovery_prop:property_service set;
				31
Ricardo Cerqueira	c738cc2	2015-01-03 04:23:08 +0000	[diff] [blame]	32	# recursive rm for wipes... :(
				33	allow recovery file_type:dir { rw_dir_perms rmdir };
				34	allow recovery file_type:notdevfile_class_set { unlink getattr };
				35	# wipe saves and restores the layout version
				36	allow recovery install_data_file:file create_file_perms;
Tom Marshall	b4bf950	2015-03-09 15:08:27 -0700	[diff] [blame]	37	allow recovery system_data_file:file create_file_perms;
Ricardo Cerqueira	c738cc2	2015-01-03 04:23:08 +0000	[diff] [blame]	38
Ricardo Cerqueira	c75446d	2015-02-05 22:33:47 +0000	[diff] [blame]	39	# /cache/recovery things: command and logs
				40	allow recovery recovery_cache_file:dir create_dir_perms;
				41	allow recovery recovery_cache_file:file create_file_perms;
				42
Steve Kondik	74891fa	2015-08-05 17:54:33 -0700	[diff] [blame]	43	# set system properties for various things
				44	allow recovery system_prop:property_service set;
Steve Kondik	06ec585	2014-12-01 10:38:25 -0800	[diff] [blame]	45	')